Vulnerability databases of commercial scanners

Sometimes when I am on a penetration test, I need confirmation for a vulnerability’s risk score, consequences (meaning real-life exploitation scenarios) or fix recommendations.

This happens mostly when vulnerabilities are not easily exploitable or have a low impact but, as a penetration tester, I must still report them and explain to clients why they should fix them. Examples of such vulnerabilities are the TRACE method being enabled, default Apache pages being accessible, etc.

When that happens, I check for the vulnerability class in question in one of these 4 sites:

More …

The 5 Hacking NewsLetter 2

Hi, this is the second edition of The 5 Hacking NewsLetter. It’s a few days late but better late than never, right?
Grab a nice cup of coffee (or herbal tea if you’re an old soul like me) and enjoy!

Also, don’t forget to subscribe if you prefer receiving this in your inbox.

1. Tool of the week

CTFR by Sheila A. Berta

This is a great tool that I’ve just added to my testing arsenal. It gets subdomains of an HTTPS website in a few seconds by abusing certificate transparency logs.

More …

Tricks learned from the Vulnhub Drunk admin VM

Here are some pentest tips & tricks that I got from solving the Vulnhub Drunk admin challenge. You’ll find my detailed walkthrough here.

  • File upload quick reference:
    • First, analyze the normal behavior
      • Upload different file types
      • Is the filename you supply changed by the server?
      • If yes, try uploading the file a second time. Does the server attribute a different filename this time?
      • If the new name is always the same but seems random, check whether it is a hash with hash-identifier. The name given by the server might be the hash (MD5, SHA1…) of your original filename, with or without its extension
      • Where are the uploaded files located? Can you access them?
    • If only images are allowed and you want to upload and execute PHP files:
More …

The 5 Hacking NewsLetter 1


Hi, I’m very happy to present you the first edition of The 5 Hacking NewsLetter! The idea behind it is to share with you every week the 5 coolest things related to hacking/pentest/bug bounty that I came across and enjoyed. I got the idea from Tim Ferriss’s 5-Bullet Friday email newsletter.

Also, this is a newsletter that I’m posting directly on the blog. If you prefer to receive it in your inbox, I invite you to subscribe to this blog. I’ll then notify you when any article is out.

Without further ado, here are the 5 items of this week!

1. Web Hacking YouTube channel

Web Hacking 101: Pro Tips

I’ve been following Peter Yaworski for a while (since he published his book Web Hacking 101: How to Make Money Hacking Ethically), but I only discovered his Web Hacking Pro Tips interviews this week.
They’re a must-watch! He brings on big names from the web hacking scene.

More …